searching by status is fixed. ToolID is next up #178
Conversation
|
Here's the code health analysis summary for commits Analysis Summary
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const { | ||
| serialNumber, | ||
| modelNumber, | ||
| barcode, | ||
| description, | ||
| toolID, | ||
| serviceAssignment, | ||
| category, | ||
| manufacturer, | ||
| width, | ||
| height, | ||
| length, | ||
| weight | ||
| }, | ||
| updatedBy: req.user._id, | ||
| createdBy: req.user._id | ||
| }) | ||
| if (!newTool) { | ||
| throw new Error({ message: 'Could not create tool', status: 500 }) | ||
| } | ||
| await ToolHistory.create({ | ||
| _id: newTool._id, | ||
| history: [newTool] | ||
| }) | ||
| res.locals.message = 'Successfully Made A New Tool' | ||
| res.locals.tools = [newTool] | ||
| res.locals.pagination = { pageCount: 1 } | ||
| res.status(201) | ||
| console.info(`[MW] Tool Successfully Created ${newTool._id}`.green) | ||
| console.info('[MW] createTool-out-3'.bgWhite.blue) | ||
| next() | ||
| } catch (error) { | ||
| res.locals.message = error.message | ||
| res.status(error.status || 500).redirect('back') | ||
| } | ||
| } | ||
|
|
||
| async function updateToolHistory(toolID) { | ||
| const oldTool = await Tool.findById(toolID) | ||
| await ToolHistory.findByIdAndUpdate( | ||
| { _id: toolID }, | ||
| { | ||
| $push: { history: oldTool }, | ||
| $inc: { __v: 1 }, | ||
| $set: { updatedAt: Date.now() } | ||
| } | ||
| ) | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| * @param {*} req.body._id The id of the tool to update | ||
| * @param {*} res | ||
| * @param {*} next | ||
| */ | ||
| async function updateTool(req, res, next) { | ||
| console.info('[MW] updateTool-in'.bgBlue.white) | ||
| const ut = async (newToolData) => { | ||
| const { | ||
| id, | ||
| modelNumber, | ||
| description, | ||
| toolID, | ||
| serviceAssignment, | ||
| category, | ||
| manufacturer, | ||
| width, | ||
| height, | ||
| length, | ||
| weight | ||
| } = newToolData | ||
| updateToolHistory(id) | ||
| const updatedTool = await Tool.findByIdAndUpdate( | ||
| { $eq: id }, | ||
| { | ||
| } = req.body |
Check failure
Code scanning / CodeQL
Type confusion through parameter tampering Critical
| const { | ||
| id, | ||
| modelNumber, | ||
| description, | ||
| toolID, | ||
| serviceAssignment, | ||
| category, | ||
| manufacturer, | ||
| width, | ||
| height, | ||
| length, | ||
| weight | ||
| } = newToolData |
Check failure
Code scanning / CodeQL
Type confusion through parameter tampering Critical
| } | ||
|
|
||
| async function updateToolHistory(toolID) { | ||
| const oldTool = await Tool.findById(toolID) |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| async function updateToolHistory(toolID) { | ||
| const oldTool = await Tool.findById(toolID) | ||
| await ToolHistory.findByIdAndUpdate( | ||
| { _id: toolID }, |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| } = newToolData | ||
| updateToolHistory(id) | ||
| const updatedTool = await Tool.findByIdAndUpdate( | ||
| { $eq: id }, |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| updateToolHistory(id[i]) | ||
| newTools.push( | ||
| await Tool.findByIdAndUpdate( | ||
| { _id: id[i] }, |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| { | ||
| serviceAssignment: newServiceAssignment[i], | ||
| $inc: { __v: 1 }, | ||
| $set: { updatedAt: Date.now() } | ||
| }, |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
This change is